Monthly Archives: March 2016

If you were allowing yourself to feel a little optimism that the world might be becoming a more peaceful place, with the ceasefire in Syria seeming to hold longer than most analysts ever expected, this week’s harrowing events in Belgium may have dimmed those hopeful glimmers.

The bombings in Brussels underlined once again that the jihadist violence that emanates from this war-torn region is as menacing as ever.

Three bombs went off in the Belgian capital on Tuesday. Two were set off by suicide bombers at the international airport and one explosion ripped through a subway train downtown, close to the heart of the European Union’s headquarters. At the time of writing more than 30 people are dead and more than 300 are injured.

The extremist group which calls itself Islamic State (IS) claims that its followers were behind the attacks. It is waging war in Iraq and Syria and holds significant amounts of territory. It has attracted some Muslims born in the West to join the fight there. It’s when they return home to the West, battle-hardened and with military know-how, that counter-terrorist agencies start to worry. And as events in Brussels this week and Paris in November have shown—with good reason.

Since declaring a Caliphate in June 2014 (a religious term which harks back to the era of the Prophet Mohammed and expresses a desire to unify the global Muslim community under a central leadership), IS has already conducted or inspired nearly 70 terrorist attacks in 20 countries other than Iraq and Syria. This is a harrowing trend that is unlikely to reverse in the short term. Belgium, with the largest number of foreign jihadi fighters in Iraq and Syria in absolute and relative terms, is therefore at considerable risk when these fighters return home.

Terrorism inspired by a narrow, extremist interpretation of Islam (particularly the Salafi-jihadi type) continues to pose a major security threat to Western European countries. IS and other such groups view these nations as attractive targets: in particular Belgium, Denmark, France, Germany, Italy, Netherlands, and the United Kingdom. This may be because of their foreign policies, especially those involved in Muslim countries, or because specific events that have caused a strong visceral response among more hard-line elements of the Muslim community.

The cyber insurance market presents insurers with an attractive growth opportunity. It also presents a significant challenge to overcome. Coverage constitutes the largest genuinely new class of business developed by the insurance industry for at least a generation. And its potential at even the conservative end-of-the-scale can be measured in tens of billions of US dollars.

However, with limited tools to measure the threat, carriers have been understandably reluctant to throw too much capital at the risk. With warnings about the systemic nature of the threat reverberating through the press to boardrooms, the industry has so far approached the risk with caution and coverage has been limited.

Yet the need for insurance solutions to assist corporates with their cyber threat is real and great. In the wake of losses such as Target’s $67 million settlement with Visa over a breach of customer payment data, and an estimated annual global cost of cybercrime of $445 billion, companies are eager to offload what they rightly see as a large and looming financial risk.

Industry Concerned by Systemic Nature of Cyber

We recently surveyed 40 RMS clients already writing cyber, including insurers, reinsurers, and brokers, to gain an understanding of their concerns. They had a number of common challenges.

Firstly, due the dynamic and emerging nature of the peril it’s difficult to quantify just how big and systemic a potential cyber catastrophe might be. In addition, with so many different attack methods available to cyber criminals—even knowing where the attack will come from poses some difficulty.

Another common challenge was the uncertainty of how cyber attacks could impact non-affirmative cyber policies—the so-called silent exposure. With limited precedent set for how cyber-related losses would trigger these policies there is uncertainty around the impact of a cyber catastrophe.

Lastly, the lack of a common data standard or a mechanism for understanding aggregations of risk, pose a further challenge, hindering companies in understanding their capital implications, setting risk appetites, and meeting their regulatory reporting obligations.

A Response to the Problem

We have tackled our clients’ cyber risk management concerns by developing a cyber accumulation management solution, built on three core elements.

A data standard for the industry

Our Cyber Exposure Data Schema was developed in conjunction with the Centre for Risk Studies at the University of Cambridge, with support from leading market companies. It provides an approach to standardising cyber data as a distinct peril. It copes with both affirmative and silent cyber coverage, and allows risk to be tracked and transferred by providing a consistent framework for data capture, storage, and analysis. Critically, it is open source, model-agnostic, and extensible.

Five loss scenarios to stress test portfolios

The new RMS cyber loss process models assess actual books of business against multiple realistic loss scenarios, testing various levels of severity for the top five cyber threats identified by our industry development partners at Cambridge. Running analyses shows underwriters how loss events would interact with their exposure, and isolates the key drivers of risk, allowing an informed, independent view of cyber to be formed.

A Cyber Accumulation Management System

The accumulation engine is the framework for generating loss projections. The analytical capabilities enable companies to report exposure aggregates by coverage type and potential loss characteristics, to a previously unthinkable level of granularity. It highlights accumulations and correlations, giving insurers, reinsurers, and brokers all of the tools necessary to answer questions regarding portfolio optimization, capacity and capital requirements, while delivering answers to regulatory demands.

Together these three components comprise a complete cyber risk management solution which solves the key, real-world challenges facing the insurance industry today. We have created a new standard for the capture and management of cyber exposure data, and mechanisms both to get a handle on affirmative and silent cyber risks, while simultaneously meeting reporting requirements. All of that delivers the insights necessary to unlock the capital necessary to meet ultimate insureds’ demands for cyber cover, and allow the insurance sector to grow confidently into this exciting new line of business.

The just-announced keynote speakers are among the many reasons to join us at Exceedance 2016. These leading experts will share their unique insights on terrorism, cyber security, and climate change—focusing on the human elements driving the science:

Bruce Hoffman, security studies professor at Georgetown University who held counterterrorism posts at RAND and the CIA and was a lead author of the final report from the independent commission on the FBI’s post-9/11 terrorism response

Matt Olsen, a president and co-founder of IronNet Cybersecurity whose work at the National Security Agency and Department of Justice led to his appointment as director of the federal government’s National Counterterrorism Center

Tim Jarvis, environmental scientist and author who is the founder and leader of 25zero, a campaign to raise awareness of the impact of human-induced climate change on the world’s rapidly melting equatorial glaciers—and leader of multiple expeditions including the Shackleton Epic Expedition

We’ve also recently released descriptions of the more than 60 sessions and other opportunities to interact with leaders, scientists, and your peers.

There are so many reasons to be a part of Exceedance this year, we’ve created a 1-minute video outlining the Top 5.